# Release notes for Gluster 4.1.6 This is a bugfix release. The release notes for [4.1.0](4.1.0.md), [4.1.1](4.1.1.md), [4.1.2](4.1.2.md), [4.1.3](4.1.3.md), [4.1.4](4.1.4.md) and [4.1.5](4.1.5.md) contains a listing of all the new features that were added and bugs fixed in the GlusterFS 4.1 stable release. **NOTE:** Next minor release tentative date: Week of 20th January, 2019 ## Major changes, features and limitations addressed in this release This release contains fixes for several security vulnerabilities in Gluster as follows, - https://nvd.nist.gov/vuln/detail/CVE-2018-14651 - https://nvd.nist.gov/vuln/detail/CVE-2018-14652 - https://nvd.nist.gov/vuln/detail/CVE-2018-14653 - https://nvd.nist.gov/vuln/detail/CVE-2018-14654 - https://nvd.nist.gov/vuln/detail/CVE-2018-14659 - https://nvd.nist.gov/vuln/detail/CVE-2018-14660 - https://nvd.nist.gov/vuln/detail/CVE-2018-14661 ## Major issues **None** ## Bugs addressed Bugs addressed since release-4.1.5 are listed below. - [#1632013](https://bugzilla.redhat.com/1632013): georep: hard-coded paths in gsyncd.conf.in - [#1633479](https://bugzilla.redhat.com/1633479): 'df' shows half as much space on volume after upgrade to RHGS 3.4 - [#1633634](https://bugzilla.redhat.com/1633634): split-brain observed on parent dir - [#1635979](https://bugzilla.redhat.com/1635979): Writes taking very long time leading to system hogging - [#1635980](https://bugzilla.redhat.com/1635980): Low Random write IOPS in VM workloads - [#1636218](https://bugzilla.redhat.com/1636218): [SNAPSHOT]: with brick multiplexing, snapshot restore will make glusterd send wrong volfile - [#1637953](https://bugzilla.redhat.com/1637953): data-self-heal in arbiter volume results in stale locks. - [#1641761](https://bugzilla.redhat.com/1641761): Spurious failures in bug-1637802-arbiter-stale-data-heal-lock.t - [#1643052](https://bugzilla.redhat.com/1643052): Seeing defunt translator and discrepancy in volume info when issued from node which doesn't host bricks in that volume - [#1643075](https://bugzilla.redhat.com/1643075): tests/bugs/glusterd/optimized-basic-testcases-in-cluster.t failing - [#1643929](https://bugzilla.redhat.com/1643929): geo-rep: gluster-mountbroker status crashes - [#1644163](https://bugzilla.redhat.com/1644163): geo-rep: geo-replication gets stuck after file rename and gfid conflict - [#1644474](https://bugzilla.redhat.com/1644474): afr/lease: Read child nodes from lease structure - [#1644516](https://bugzilla.redhat.com/1644516): geo-rep: gluster-mountbroker status crashes - [#1644518](https://bugzilla.redhat.com/1644518): [Geo-Replication] Geo-rep faulty sesion because of the directories are not synced to slave. - [#1644524](https://bugzilla.redhat.com/1644524): Excessive logging in posix_update_utime_in_mdata - [#1645363](https://bugzilla.redhat.com/1645363): CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all] - [#1646200](https://bugzilla.redhat.com/1646200): CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all] - [#1646806](https://bugzilla.redhat.com/1646806): [Geo-rep]: Faulty geo-rep sessions due to link ownership on slave volume - [#1647667](https://bugzilla.redhat.com/1647667): CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] - [#1647668](https://bugzilla.redhat.com/1647668): CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all] - [#1647669](https://bugzilla.redhat.com/1647669): CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all] - [#1647670](https://bugzilla.redhat.com/1647670): CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all] - [#1647972](https://bugzilla.redhat.com/1647972): CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all] - [#1648367](https://bugzilla.redhat.com/1648367): crash seen while running regression, intermittently. - [#1648938](https://bugzilla.redhat.com/1648938): gfapi: fix bad dict setting of lease-id - [#1648982](https://bugzilla.redhat.com/1648982): packaging: don't include bd.so in rpm when --without bd